mirror of
https://github.com/projectdiscovery/nuclei-templates.git
synced 2026-02-03 01:03:34 +08:00
37 lines
967 B
YAML
37 lines
967 B
YAML
id: winrm-detect
|
|
|
|
info:
|
|
name: Windows Remote Management - Detection
|
|
author: pussycat0x
|
|
severity: info
|
|
description: |
|
|
Detects Windows Remote Management (WinRM) by checking HTTP response headers on ports 5985 (HTTP) and 5986 (HTTPS).
|
|
metadata:
|
|
max-request: 1
|
|
verified: true
|
|
shodan-query: product:"WinRM"
|
|
tags: network,winrm,windows
|
|
|
|
http:
|
|
- method: POST
|
|
path:
|
|
- "{{BaseURL}}/wsman"
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: status
|
|
status:
|
|
- 401
|
|
|
|
- type: regex
|
|
part: header
|
|
regex:
|
|
- 'Microsoft-HTTPAPI\/[0-9\.]+'
|
|
|
|
- type: word
|
|
part: header
|
|
words:
|
|
- "Www-Authenticate: NTLM"
|
|
- "Www-Authenticate: Negotiate"
|
|
condition: or
|
|
# digest: 4b0a00483046022100eac570d9b3075a685e3272c7187bbf9188fc78918a3c90940596b831b97594700221009718b3f625d4c366cc2d750b15f8065f71533c23e8c5ea508dace8ecbe9584bb:922c64590222798bb761d5b6d8e72950 |